Re: [RPSEC] BGP Security Requirements v08

Russ White <riw@cisco.com> Wed, 11 July 2007 13:37 UTC



In a separate email, and with my WG chair hat _off_....

> Maybe it's useful to break this into two questions?
> 
> 1. Is information about the authorization of an originator to advertise
> reachability useful to AS' on the "other side" of a non-supporting AS?
> 
> 2. Is information about the validity of an AS path useful to AS' on the
> "other side" of a non-supporting AS?

IMHO, as an individual, I believe both of these pieces of information
are useful. I believe the origin authorization information is really
useful, along with the first hop (or second hop, depending on your point
of view) of the AS Path. The subsequent hops of the AS path are less
interesting than these two to the receiver on the "other side" of a
non-supporting AS.

Why? Because if you can validate the originator and the first (second)
hop (the second entry in the AS Path), then you have a good bit more
assurance the destination is valid/etc, than if you just drop this
information out.

:-)

Russ

--
riw@cisco.com CCIE <>< Grace Alone
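
An added illustration of the check discussed in this message, not part of the original e-mail or of any RPSEC draft: a receiver validates only the origin and the AS adjacent to it, leaving any intermediate (possibly non-supporting) ASes unchecked. The tables `ORIGIN_AUTH` and `NEIGHBORS`, the function names, and all prefixes and AS numbers are constructed assumptions.

```python
import ipaddress

# Constructed sample data (documentation prefixes, private-use AS numbers).
# Hypothetical authorization table: prefix -> (authorized origin AS, max length).
ORIGIN_AUTH = {
    ipaddress.ip_network("192.0.2.0/24"): (64500, 24),
    ipaddress.ip_network("203.0.113.0/24"): (64501, 25),
}
# Hypothetical table of neighbors each origin attests to; 64501 publishes none.
NEIGHBORS = {64500: {64510, 64511}}


def check_origin(prefix, origin):
    """Return 'valid', 'invalid' or 'unknown' for the origin AS of a prefix."""
    net = ipaddress.ip_network(prefix)
    covering = [(p, auth) for p, auth in ORIGIN_AUTH.items() if net.subnet_of(p)]
    if not covering:
        return "unknown"  # nothing published for this address space
    for _, (asn, max_len) in covering:
        if asn == origin and net.prefixlen <= max_len:
            return "valid"
    return "invalid"  # covered, but wrong origin or too specific


def check_first_hop(as_path):
    """Check the AS adjacent to the origin (second entry counting from the origin)."""
    origin = as_path[-1]  # rightmost entry is the origin
    i = len(as_path) - 1
    while i >= 0 and as_path[i] == origin:  # skip origin prepending
        i -= 1
    if i < 0:
        return "n/a"  # path holds only the origin
    if origin not in NEIGHBORS:
        return "unknown"  # origin attests to no neighbors
    return "valid" if as_path[i] in NEIGHBORS[origin] else "invalid"


def assess(prefix, as_path):
    """Return (origin result, first-hop result); later hops are not examined."""
    if not as_path:
        raise ValueError("empty AS path")
    return check_origin(prefix, as_path[-1]), check_first_hop(as_path)


if __name__ == "__main__":
    # 64777 stands in for a non-supporting AS in the middle of the path.
    print(assess("192.0.2.0/24", [64999, 64777, 64510, 64500]))
```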


